Atlassian has emailed its customers to warn of four critical vulnerabilities, but the message had flaws of its own - the links it contained weren't live for all readers at the time of despatch.
The email, seen by The Register, warns of flaws rated 9.0 or higher on the Common Vulnerability Scoring System scale and offers a link to an advisory.
That link was to a page that did not describe the relevant flaws, instead detailing CVE-2023-22518, the 9.1-rated stinker revealed in late October and later upgraded to a perfect 10/10.
Nor did links to the four CVEs the email mentions reach the correct page for around an hour - all produced a Page Not Found error and a suggestion that the page may have been renamed with another URL that does carry the correct information.
The URLs all include URLdefense.com - a service offered by Proofpoint.
While the links were dead, Atlassian did manage to publish info about the four fresh problems here.
The fix for all the flaws is the same: upgrade the product to a fixed version.
This Cyber News was published on go.theregister.com. Publication date: Wed, 06 Dec 2023 07:13:05 +0000